On 2008-02-13 06:27:56 -0900, "Dennis G. Wicks" <[EMAIL PROTECTED]> said:
> Greetings!
>
> It seems the time has come to build a dedicated
> firewall machine for myself. The win 2k machine I have
> been using is getting too flaky.
>
> I have a P-II HP box that was a pretty solid performer
> that I think will do for the hardware. (Agree/disagree?)
>
> I need some suggestions for the firewall software,
> running on Debian, of course! No sense reinventing the
> wheel.
>
Hey, I'm doing the same thing right now! My earlier question about
not being able to boot Debian on PE350 was just about that, as that
machine was retired at work and I'm bringing it home to make a
gateway out of it :-)

There are several options for this kind of thing. The best dedicated
system that I know of is m0n0wall ( http://m0n0.ch/wall/ ), which is
a stripped-down FreeBSD 4 customized as a firewall appliance. There's
also pfSense ( http://www.pfsense.com ), which is based on m0n0wall,
but uses FreeBSD 6.2 and OpenBSD's pf, and includes a bunch of extra
useful packages that extend the functionality.

pfSense is certainly enticing, but I decided to stick with Debian,
for the primary reason - apt. If I want to experiment with some new
functionality, it's most of the time just an apt-get away, and once
you've lived with it, it's damn hard to go back :-)

Now, since you too mentioned sticking with Debian, you can install
minimum system + iptables + iproute on the firewall machine, and use
fwbuilder ( http://www.fwbuilder.org/ ) to generate rules scripts for
it, then just add the path to the script to /etc/rc.local and you're
good to go.
> I need something that either includes http/ftp proxy or
> something else that will provide that service. Also
> socks 4/5 and probably a virus/adware scanner too.
>
For this there's Squid and ClamAV. pfSense includes Squid, but not
ClamAV, which is another reason to stick with Debian :-)
--
Siraaj Khandkar